mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
Solve error with custom certificat
parent
f4805d6996
commit
0dcd75eeeb
5 changed files with 106 additions and 19 deletions
|
@ -3,21 +3,20 @@
|
|||
# Commentaire ignoré
|
||||
; Manifest
|
||||
domain="$DOMAIN" (DOMAIN)
|
||||
path="$PATH" (PATH)
|
||||
is_public=1 (PUBLIC|public=1|private=0)
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=1
|
||||
setup_root=1
|
||||
setup_nourl=0
|
||||
setup_root=0
|
||||
setup_nourl=1
|
||||
setup_private=1
|
||||
setup_public=1
|
||||
upgrade=1
|
||||
backup_restore=1
|
||||
multi_instance=0
|
||||
wrong_user=1
|
||||
wrong_path=1
|
||||
incorrect_path=1
|
||||
wrong_user=0
|
||||
wrong_path=2
|
||||
incorrect_path=0
|
||||
corrupt_source=1
|
||||
fail_download_source=1
|
||||
port_already_use=1 (8008)
|
||||
|
|
|
@ -50,13 +50,53 @@ GET_DEBIAN_VERSION() {
|
|||
}
|
||||
|
||||
enable_backport_repos() {
|
||||
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]]
|
||||
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*.list)" ]]
|
||||
then
|
||||
echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
|
||||
fi
|
||||
ynh_package_update
|
||||
}
|
||||
|
||||
set_access() { # example : set_access USER FILE
|
||||
user="$1"
|
||||
file_to_set="$2"
|
||||
while [[ 0 ]]
|
||||
do
|
||||
path_to_set=""
|
||||
oldIFS="$IFS"
|
||||
IFS="/"
|
||||
for dirname in $file_to_set
|
||||
do
|
||||
if [[ -n "$dirname" ]]
|
||||
then
|
||||
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
|
||||
|
||||
path_to_set="$path_to_set/$dirname"
|
||||
|
||||
if $(sudo sudo -u $user test ! -r "$path_to_set")
|
||||
then
|
||||
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
|
||||
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
|
||||
sudo test -L "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
IFS="$oldIFS"
|
||||
|
||||
if $(sudo test -L "$file_to_set")
|
||||
then
|
||||
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
|
||||
then
|
||||
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
|
||||
else
|
||||
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
|
||||
fi
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
|
||||
# $1 = Variable à vérifier
|
||||
# $2 = Texte à afficher en cas d'erreur
|
||||
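Review bot: In set_access, the line `sudo setfacl -m d:u:$user:r "$path_to_set"` puts a default ACL entry on each directory that directly contains a file on the path, so files created later in the certificate directory (a renewed key.pem included) inherit read access for the service account without this helper being called again. Directories on the path also receive `rx`, which permits listing them, where `x` alone is enough to reach the file. I would drop the default entry and grant `user:$user:x` on directories, keeping `r` for the named file only. Separately, `user`, `file_to_set`, `path_to_set`, `oldIFS` and `dirname` are assigned without `local`, so any `$user` the calling script already holds is overwritten by the first call; `local user="$1" file_to_set="$2" path_to_set oldIFS dirname` at the top of the function avoids that. The same function is added a second time in a later file section of this commit, and CHECK_VAR below it continues outside the hunk.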
|
|
|
@ -99,13 +99,13 @@ sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf
|
|||
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf
|
||||
|
||||
# Configure access for certificates
|
||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem
|
||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem
|
||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
|
||||
|
||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem
|
||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem
|
||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/key.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
|
||||
|
||||
# Configuration de logrotate
|
||||
sed -i "s@__APP__@$app@g" ../conf/logrotate
|
||||
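Review bot: A failed ACL change on crt.pem, key.pem or dh.pem is no longer visible to this script, because set_access as added in this commit chains every `setfacl` behind `sudo test … &&` and leaves its loop through `break`, so it returns 0 whatever happened, whereas the direct `sudo setfacl` calls it replaces each had their own exit status. A final check after the loop, `sudo -u "$user" test -r "$file_to_set" || return 1`, would let the caller stop when the service account still cannot read the file; whether this script runs under `set -e` is not visible here. The path arguments should also be quoted, `set_access matrix-synapse "/etc/yunohost/certs/$domain/key.pem"`, so an unexpected value of `$domain` cannot split into several arguments. The same six calls appear in the two later file sections.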
|
|
|
@ -66,6 +66,45 @@ enable_backport_repos() {
|
|||
ynh_package_update
|
||||
}
|
||||
|
||||
set_access() { # example : set_access USER FILE
|
||||
user="$1"
|
||||
file_to_set="$2"
|
||||
while [[ 0 ]]
|
||||
do
|
||||
path_to_set=""
|
||||
oldIFS="$IFS"
|
||||
IFS="/"
|
||||
for dirname in $file_to_set
|
||||
do
|
||||
if [[ -n "$dirname" ]]
|
||||
then
|
||||
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
|
||||
|
||||
path_to_set="$path_to_set/$dirname"
|
||||
|
||||
if $(sudo sudo -u $user test ! -r "$path_to_set")
|
||||
then
|
||||
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
|
||||
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
IFS="$oldIFS"
|
||||
|
||||
if $(sudo test -L "$file_to_set")
|
||||
then
|
||||
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
|
||||
then
|
||||
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
|
||||
else
|
||||
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
|
||||
fi
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
|
||||
# $1 = Variable à vérifier
|
||||
# $2 = Texte à afficher en cas d'erreur
|
||||
|
@ -201,13 +240,13 @@ sudo cp -a ./coturn_config_default "/etc/default/coturn"
|
|||
sudo cp -a ./data/. "/var/lib/matrix-synapse/."
|
||||
|
||||
# Configure access for certificates
|
||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem
|
||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem
|
||||
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
|
||||
|
||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem
|
||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem
|
||||
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/key.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
|
||||
|
||||
# Ouvre le port dans le firewall
|
||||
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
|
||||
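Review bot: This copy of set_access has already diverged from the one added in the earlier file section, since the line `sudo test -L "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"` is missing here. Keeping a single definition in a file that both scripts source would stop the copies drifting further; whether this script already sources a common file is not visible in the hunk. In both copies the `while [[ 0 ]]` loop ends only once `file_to_set` is no longer a symlink, so a link cycle under the certificate directory would never terminate. A small hop counter that returns an error after a fixed number of `readlink` steps would bound it, and `while true` states the intent more plainly than `[[ 0 ]]`.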
|
|
|
@ -37,6 +37,15 @@ sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.
|
|||
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
|
||||
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
|
||||
|
||||
# Configure access for certificates
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
|
||||
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
|
||||
|
||||
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/key.pem
|
||||
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
|
||||
|
||||
if [ "$is_public" = "0" ]
|
||||
then
|
||||
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
|
||||
|
|